How can you create an inclusive data governance and security policy?

1. Diverse Input: Include perspectives from various teams and departments in policy creation. 2. Education Programs: Conduct training to enhance awareness of security measures. 3. Accessible Policies: Ensure policies are easily understandable for all stakeholders. 4. Feedback Mechanism: Establish channels for continuous feedback and improvement. 5. Cultural Integration: Align policies with the existing organizational culture. 6. Executive Leadership: Involve leaders in the communication and enforcement of policies.

I think in defining your data values and principles it's better to think about what matters most in handling data in a way that's fair and respectful and ask yourself: How can we ensure our data use benefits everyone involved and doesn't harm anyone? This means making data easy to find and use (FAIR), and also caring about how it impacts people and communities (CARE). I think principles should be like a compass, guiding every step in managing data, always pointing towards doing what's right and being transparent about it.

Create an inclusive data governance policy by defining clear objectives, involving diverse stakeholders, ensuring regulatory compliance, implementing access controls, providing inclusive training, incorporating privacy by design, classifying data sensitivity, maintaining data quality, developing an incident response plan, assessing vendors, communicating policies transparently, encouraging feedback, considering cultural sensitivity, conducting regular audits, and committing to continuous improvement.

Corporate “culture” is key for guiding internal and external communities in your “circle of influence”. Our SMRI culture or mindset is to service the “greater good for the greater number” with our data analytics insights. When you have that mantra…the rest is “nothing but net”…literally and figuratively:).

Having spent much of my career in marketing and at ad agencies has taught me the importance of branding. The auto-generated advice - "establish the core values and principles" - resonates deeply with this experience: It's essential to define who you are and what you stand for. This foundational step in establishing core values and principles isn't just about drafting policies; it's about embodying your brand. When team leadership consistently demonstrates how these brand values influence decision-making, it sets a powerful example. This approach ensures that the entire team internalizes and reflects these principles in every decision they make, truly living the brand.

A data and analytics roadmap exercise that considers the opinion, need and rationalisation of more than one key representative from each function of the business is key. This roadmap is the merging point of business needs, feasibility, best practices and ROI assessment. We have delivered several roadmaps that provide great clarity for many aspects of Data & AI implementations and a Governance plan has always been a key outcome.

An effective data governance council should include representatives from the business domains, InfoSec, compliance, executive team, and any other group that shows interest. Legal/compliance/InfoSec representation is critical. Business & data representation are critical. The trick is to balance the size of the council (as small as possible) with the expertise necessary to get the job done.

Data security in analytics is always a balance between protecting data (exposing as little as necessary) and letting analysts do their work (seeing as much data as possible). We should only collect and collate the data necessary for business operations and analysis. We should only apply analytics to the data necessary to calculate metrics and create visualizations that support our business. In population analytics, we can publish aggregations of data by dimensions that do not allow identification of individuals. "De-identified" data can be extremely useful in population, marketing, and segmentation analytics.

Data quality is one of the fundamental aspects data must have to be useful for companies. When data has good quality companies can maximize it's business outcomes by making more informed decisions. Some examples of data quality considerations are 1) complete data (no missing records), 2) Non-duplicated records, 3) No missing values, 4) Standardized date formats, 5) No leading or trailing white spaces in text fields, 6) No orphaned foreign keys a.k.a. referential integrity. 7) Proper normalization for OLTP databases and star or snowflake schemas for data warehouses. Regarding data governance software, Apache Atlas is a great one.

Effective data quality and security standards require an inclusive effort. Analytics experts can define data quality standards, but the business stakeholders have the necessary context to inform those decisions. Similarly, data security is informed by data, compliance, InfoSec, and business stakeholders. Inviting input from all parties will also make it easier to solicit input for review and feedback when necessary.